marcel/zoraxy
1
0
Fork 0
mirror of https://github.com/tobychui/zoraxy.git synced 2025-09-19 10:39:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #820 from AnthonyMichaelTDM/issue819

Browse Source 
put plugin API on separate mux not protected by CSRF
This commit is contained in:
Toby Chui
2025-09-13 23:16:27 +08:00
committed by GitHub
parent c745d82cf3 e2c0fe3abf
commit 6efab48d33
3 changed files with 17 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
example/plugins/plugin2plugin-comms-peer1/www/index.html
View File

@@ -21,12 +21,12 @@
z-index: 1000;
}
.sent-message {
background-color: #d4edda;
background-color: var(--theme_bg_primary);
border-left: 5px solid #155724;
animation: fadeIn 0.5s;
}
.received-message {
background-color: #cce5ff;
background-color: var(--theme_bg_secondary);
border-left: 5px solid #004085;
animation: fadeIn 0.5s;
}

4
example/plugins/plugin2plugin-comms-peer2/www/index.html
View File

@@ -21,12 +21,12 @@
z-index: 1000;
}
.sent-message {
background-color: #d4edda;
background-color: var(--theme_bg_primary);
border-left: 5px solid #155724;
animation: fadeIn 0.5s;
}
.received-message {
background-color: #cce5ff;
background-color: var(--theme_bg_secondary);
border-left: 5px solid #004085;
animation: fadeIn 0.5s;
}

16
src/main.go
View File

@@ -115,9 +115,19 @@ func main() {
//Initiate management interface APIs
requireAuth = !(*noauth)
initAPIs(webminPanelMux)
initRestAPI(webminPanelMux)
//Start the reverse proxy server in go routine
// Create a new plugin API mux
pluginAPIMux := http.NewServeMux()
initRestAPI(pluginAPIMux)
// Create a parent mux to route /plugin endpoints without CSRF, others with CSRF
parentMux := http.NewServeMux()
// /plugin (rest API) endpoints: no CSRF
parentMux.Handle("/plugin/", pluginAPIMux)
// all other endpoints: with CSRF
parentMux.Handle("/", csrfMiddleware(webminPanelMux))
// Start the reverse proxy server in go routine
go func() {
ReverseProxtInit()
}()
@@ -134,7 +144,7 @@ func main() {
SystemWideLogger.Println(SYSTEM_NAME + " started. Visit control panel at http://" + *webUIPort)
}
err = http.ListenAndServe(*webUIPort, csrfMiddleware(webminPanelMux))
err = http.ListenAndServe(*webUIPort, parentMux)
if err != nil {
log.Fatal(err)